The LIS (License Intelligence Service) is a function used by Matrix42 License Manager to assign fingerprints and licenses to the respective software products. In this process, the LIS provides a list containing all known applications and their software products. Matrix42 keeps the LIS data up to date on a regular basis and hosts it on a server accessible to customers.
The LIS Update function allows to perform a full download of LIS data or just download the updated data providing options to upload unclassified licenses and fingerprints to be analyzed and classified by Matrix42.
The data flow and components involved is illustrated in the picture below:
LIS Update consists of the following components:
LIS Online Service
Global Service hosted on matrix42 web server used to download LIS update packages and upload user data (unclassified fingerprints and licenses). Service supports incremental updates.
Service Store LIS Services
A set of services hosted at customer side on Matrix42 Service Store web server. There are two LIS services installed together with Matrix42 Service Store:
- LIS Session Service – used to generate tokens to secure connection.
- LIS Transfer Service – used to transfer data between Matrix42 Service Store and LIS Online Service.
In 5.3 Service Store LIS Services are hosted in separate Windows service HostCommon.exe with the following URIs:
- LIS Session Service: http://<service_store>:<port>/LisSessionService/2010-05-12/
- LIS Transfer Service: http://<service_store>:<port>/LisTransferService/2010-05-16/
Port could be configured using Global System Settings of the Service Store. By default 49101 is used.
In product version 5.21 Service Store LIS Services are hosted under IIS with the following URIs:
- LIS Session Service: http://<service_store>/sps/LIS/LISSessionManager/LISSessionManagerService.svc
- LIS Transfer Service: http://<service_store>/sps/LIS/LISTransfer/LISTransferService.svc
For both services Anonymous and Integrated authentication should be enabled on IIS (default configuration).
LIS Update Wizard (Legacy UI only)
Standalone application (LISUpdate.exe) that is used to transfer data between Matrix42 Service Store installed at customer and LIS Online Service. Application is run from Matrix42 Service Store using Click-once and is signed with Matrix42 certificate. Application reuses local IE security/proxy settings and needs to be able to send web requests to https://support.update4u.de/lis/lisupdateservice.svc. It is possible that the network administrator for the corporate firewall will need to put an additional URL on their web address white list.
LIS Update Wizard is implemented as a standalone application because usually computer, where Matrix42 Service Store is installed, does not have internet connection.
LIS Update is not implemented as a server engine, because in many cases the server on which Matrix42 Service Store is installed does not have internet access. LIS Update could be activated from any client computer that has access to the Service Store. LIS Update tools are implemented as standalone applications and use network settings of the client computer on which they are running and also reuse proxy settings of the IE. This means the client computer, from which the LIS update is started, downloads the data package and pushes it to the web server.
The typical network configurations are shown in this PDF file. Image 1 describes the most typical setup: corporate network is located behind a firewall. In many cases the Service Store web server has no internet access and is only accessible internally. Image 2 describes an alternative setup which is often used if the Service Store access from outside the corporate network is required (e.g. customer portal, external users without VPN connection etc.). In such a case, when the LIS update is performed from a client both firewalls need to be checked to allow a successful communication.
Although LIS Update tools reuse network settings of the client computer, in many cases it is required to adjust corporate firewall settings and give them access to LIS Online Update Server. Both LIS Update Wizard (LISUpdate.exe) and LISUtil command-line tool (LISUtil.exe) need to send web requests to “https://support.update4u.de”. It is possible that the network administrator for the corporate firewall will need to put an additional URL on their web address white list.
Firewall and Proxy whitelisting
Between client and LIS server:
Between client and Service Store application server:
Go Daddy Class 2 Certification Authority must be added to the browser's Trusted Root Certification Authorities. If a proxy server is used, the same applies there.
To initiate LIS update user runs LIS Update Wizard from the Matrix42 Service Store.
LIS update process includes the following steps :
- Download LIS package
- LIS Update Wizard establishes connection with LIS Session Service and requests LIS certificate and last update data. Also this service generates security token that is used by LIS Transfer Service for security purposes.
- LIS Update Wizard establishes connection with LIS Online Service and downloads latest LIS package.
- LIS Update Wizard establishes connection with LIS Transfer Service and transfers downloaded LIS package.
- Upload User data.
- LIS Update Wizard establishes connection with LIS Session Service security token that is used by LIS Transfer Service for security purposes.
- LIS Update Wizard establishes connection with LIS Transfer Service and gets a package with unclassified LIS user data (fingerprints and licenses).
- LIS Update Wizard establishes connection with LIS Online Service and uploads the package with LIS user data for classification.
LIS Update Wizard doesn’t use local disk space, but uses streaming to transfer data.